diff options
Diffstat (limited to 'indra/newview')
-rw-r--r-- | indra/newview/CMakeLists.txt | 8 | ||||
-rw-r--r-- | indra/newview/VIEWER_VERSION.txt | 2 | ||||
-rwxr-xr-x | indra/newview/installers/darwin/apple-notarize.sh | 54 | ||||
-rw-r--r-- | indra/newview/llappviewer.cpp | 4 | ||||
-rw-r--r-- | indra/newview/llappviewerwin32.h | 4 | ||||
-rw-r--r-- | indra/newview/llsecapi.cpp | 6 | ||||
-rw-r--r-- | indra/newview/llsecapi.h | 2 | ||||
-rw-r--r-- | indra/newview/slplugin.entitlements | 8 | ||||
-rwxr-xr-x | indra/newview/viewer_manifest.py | 20 |
9 files changed, 94 insertions, 14 deletions
diff --git a/indra/newview/CMakeLists.txt b/indra/newview/CMakeLists.txt index 7b8af8fc69..b8be4a0682 100644 --- a/indra/newview/CMakeLists.txt +++ b/indra/newview/CMakeLists.txt @@ -1909,7 +1909,9 @@ if (WINDOWS) add_dependencies(${VIEWER_BINARY_NAME} copy_win_scripts) endif (EXISTS ${CMAKE_SOURCE_DIR}/copy_win_scripts) - add_dependencies(${VIEWER_BINARY_NAME} SLPlugin) + add_dependencies(${VIEWER_BINARY_NAME} + SLPlugin + ) # sets the 'working directory' for debugging from visual studio. # Condition for version can be moved to requirements once build agents will be updated (see TOOL-3865) @@ -2259,7 +2261,7 @@ endif (INSTALL) # Note that the conventional VIEWER_SYMBOL_FILE is set by ../../build.sh if (PACKAGE AND (RELEASE_CRASH_REPORTING OR NON_RELEASE_CRASH_REPORTING) AND VIEWER_SYMBOL_FILE) - if (USE_BUGSPLAT) + if (BUGSPLAT_DB) # BugSplat symbol-file generation if (WINDOWS) # Just pack up a tarball containing only the .pdb file for the @@ -2343,7 +2345,7 @@ if (PACKAGE AND (RELEASE_CRASH_REPORTING OR NON_RELEASE_CRASH_REPORTING) AND VIE if (LINUX) # TBD endif (LINUX) - endif (USE_BUGSPLAT) + endif (BUGSPLAT_DB) # for both Bugsplat and Breakpad add_dependencies(llpackage generate_symbols) diff --git a/indra/newview/VIEWER_VERSION.txt b/indra/newview/VIEWER_VERSION.txt index 4c8366c864..f186cd8874 100644 --- a/indra/newview/VIEWER_VERSION.txt +++ b/indra/newview/VIEWER_VERSION.txt @@ -1 +1 @@ -6.4.23 +6.4.24 diff --git a/indra/newview/installers/darwin/apple-notarize.sh b/indra/newview/installers/darwin/apple-notarize.sh new file mode 100755 index 0000000000..466898ecda --- /dev/null +++ b/indra/newview/installers/darwin/apple-notarize.sh @@ -0,0 +1,54 @@ +#!/bin/sh +if [[ $SKIP_NOTARIZATION == "true" ]]; then + echo "Skipping notarization" + exit 0 +fi + +CONFIG_FILE="$build_secrets_checkout/code-signing-osx/notarize_creds.sh" +if [ -f "$CONFIG_FILE" ]; then + source $CONFIG_FILE + app_file="$1" + zip_file=${app_file/app/zip} + ditto -c -k --keepParent "$app_file" "$zip_file" + if [ -f "$zip_file" ]; then + res=$(xcrun altool --notarize-app --primary-bundle-id "com.secondlife.viewer" \ + --username $USERNAME \ + --password $PASSWORD \ + --asc-provider $ASC_PROVIDER \ + --file "$zip_file" 2>&1) + requestUUID=$(echo $res | awk '/RequestUUID/ { print $NF; }') + + echo "Apple Notarization RequestUUID: $requestUUID" + + if [[ -n $requestUUID ]]; then + status="in progress" + while [[ "$status" == "in progress" ]]; do + sleep 30 + status=$(xcrun altool --notarization-info "$requestUUID" \ + --username $USERNAME \ + --password $PASSWORD 2>&1 \ + | awk -F ': ' '/Status:/ { print $2; }' ) + echo "$status" + done + # log results + xcrun altool --notarization-info "$requestUUID" \ + --username $USERNAME \ + --password $PASSWORD + + #remove temporary file + rm "$zip_file" + + if [["$status" == "success"]]; then + xcrun stapler staple "$app_file" + elif [["$status" == "invalid"]]; then + echo "Notarization error: failed to process the app file" + exit 1 + fi + else + echo "Notarization error: couldn't get request UUID" + echo $res + exit 1 + fi + fi +fi + diff --git a/indra/newview/llappviewer.cpp b/indra/newview/llappviewer.cpp index fe844cfa57..a4d28f7dc5 100644 --- a/indra/newview/llappviewer.cpp +++ b/indra/newview/llappviewer.cpp @@ -2006,7 +2006,9 @@ bool LLAppViewer::cleanup() if (LLConversationLog::instanceExists()) { LLConversationLog::instance().cache(); - } + } + + clearSecHandler(); if (mPurgeCacheOnExit) { diff --git a/indra/newview/llappviewerwin32.h b/indra/newview/llappviewerwin32.h index ab52bf15f9..82b6b0c77c 100644 --- a/indra/newview/llappviewerwin32.h +++ b/indra/newview/llappviewerwin32.h @@ -51,8 +51,8 @@ protected: bool initHardwareTest() override; // Win32 uses DX9 to test hardware. bool initParseCommandLine(LLCommandLineParser& clp) override; - bool beingDebugged() override; - bool restoreErrorTrap() override; + virtual bool beingDebugged(); + virtual bool restoreErrorTrap(); bool sendURLToOtherInstance(const std::string& url) override; diff --git a/indra/newview/llsecapi.cpp b/indra/newview/llsecapi.cpp index b9259cb18d..aba8ca5a4a 100644 --- a/indra/newview/llsecapi.cpp +++ b/indra/newview/llsecapi.cpp @@ -75,6 +75,12 @@ void initializeSecHandler() } } + +void clearSecHandler() +{ + gSecAPIHandler = NULL; + gHandlerMap.clear(); +} // start using a given security api handler. If the string is empty // the default is used LLPointer<LLSecAPIHandler> getSecHandler(const std::string& handler_type) diff --git a/indra/newview/llsecapi.h b/indra/newview/llsecapi.h index 1e6f2154bc..410737b27f 100644 --- a/indra/newview/llsecapi.h +++ b/indra/newview/llsecapi.h @@ -533,6 +533,8 @@ public: }; void initializeSecHandler(); + +void clearSecHandler(); // retrieve a security api depending on the api type LLPointer<LLSecAPIHandler> getSecHandler(const std::string& handler_type); diff --git a/indra/newview/slplugin.entitlements b/indra/newview/slplugin.entitlements new file mode 100644 index 0000000000..a1c430a57a --- /dev/null +++ b/indra/newview/slplugin.entitlements @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> +<dict> + <key>com.apple.security.cs.allow-unsigned-executable-memory</key> + <true/> +</dict> +</plist> diff --git a/indra/newview/viewer_manifest.py b/indra/newview/viewer_manifest.py index 43dcc6fffe..b932f43141 100755 --- a/indra/newview/viewer_manifest.py +++ b/indra/newview/viewer_manifest.py @@ -1297,14 +1297,19 @@ class DarwinManifest(ViewerManifest): signed=False sign_attempts=3 sign_retry_wait=15 + libvlc_path = app_in_dmg + "/Contents/Resources/llplugin/media_plugin_libvlc.dylib" + cef_path = app_in_dmg + "/Contents/Resources/llplugin/media_plugin_cef.dylib" + slplugin_path = app_in_dmg + "/Contents/Resources/SLPlugin.app/Contents/MacOS/SLPlugin" + greenlet_path = app_in_dmg + "/Contents/Resources/updater/greenlet/_greenlet.so" while (not signed) and (sign_attempts > 0): try: - sign_attempts-=1; - self.run_command( - # Note: See blurb above about names of keychains - ['codesign', '--verbose', '--deep', '--force', - '--keychain', viewer_keychain, '--sign', identity, - app_in_dmg]) + sign_attempts-=1 + # Note: See blurb above about names of keychains + self.run_command(['codesign', '--force', '--timestamp','--keychain', viewer_keychain, '--sign', identity, libvlc_path]) + self.run_command(['codesign', '--force', '--timestamp', '--keychain', viewer_keychain, '--sign', identity, cef_path]) + self.run_command(['codesign', '--force', '--timestamp', '--keychain', viewer_keychain, '--sign', identity, greenlet_path]) + self.run_command(['codesign', '--verbose', '--deep', '--force', '--entitlements', self.src_path_of("slplugin.entitlements"), '--options', 'runtime', '--keychain', viewer_keychain, '--sign', identity, slplugin_path]) + self.run_command(['codesign', '--verbose', '--deep', '--force', '--options', 'runtime', '--keychain', viewer_keychain, '--sign', identity, app_in_dmg]) signed=True # if no exception was raised, the codesign worked except ManifestError as err: if sign_attempts: @@ -1315,6 +1320,7 @@ class DarwinManifest(ViewerManifest): print >> sys.stderr, "Maximum codesign attempts exceeded; giving up" raise self.run_command(['spctl', '-a', '-texec', '-vvvv', app_in_dmg]) + self.run_command([self.src_path_of("installers/darwin/apple-notarize.sh"), app_in_dmg]) finally: # Unmount the image even if exceptions from any of the above @@ -1367,7 +1373,7 @@ class LinuxManifest(ViewerManifest): with self.prefix(dst="bin"): self.path("secondlife-bin","do-not-directly-run-secondlife-bin") self.path("../linux_crash_logger/linux-crash-logger","linux-crash-logger.bin") - self.path2basename("../llplugin/slplugin", "SLPlugin") + self.path2basename("../llplugin/slplugin", "SLPlugin") #this copies over the python wrapper script, associated utilities and required libraries, see SL-321, SL-322 and SL-323 with self.prefix(src="../viewer_components/manager", dst=""): self.path("*.py") |